360 matches found
CVE-2026-33060 CKAN MCP Server: SSRF via base_url allows access to internal networks
CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to...
CVE-2026-33060 CKAN MCP Server: SSRF via base_url allows access to internal networks
CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to...
CVE-2026-33060 CKAN MCP Server: SSRF via base_url allows access to internal networks
CKAN MCP Server is a tool for querying CKAN open data portals. Versions prior to 0.4.85 provide tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to...
CVE-2026-33039 AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy
WWBN AVideo is an open source video platform. In versions 25.0 and below, the plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL, but only checks the initial URL. When the initial URL responds with an HTTP redirect Location heade...
PT-2026-26767
Summary The isSSRFSafeURL function in AVideo can be bypassed using IPv4-mapped IPv6 addresses ::ffff:x.x.x.x. The unauthenticated plugin/LiveLinks/proxy.php endpoint uses this function to validate URLs before fetching them with curl, but the IPv4-mapped IPv6 prefix passes all checks, allowing an...
CVE-2026-30404
The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery SSRF vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations...
GHSA-3XM7-QW7J-QC8V SSRF in @aborruso/ckan-mcp-server via base_url allows access to internal networks
Summary The @aborruso/ckan-mcp-server MCP server provides tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to contact cloud metadata or internal network...
SSRF in @aborruso/ckan-mcp-server via base_url allows access to internal networks
Summary The @aborruso/ckan-mcp-server MCP server provides tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to contact cloud metadata or internal network...
SSRF in @aborruso/ckan-mcp-server via base_url allows access to internal networks
The @aborruso/ckan-mcp-server MCP server provides tools including ckanpackagesearch and sparqlquery that accept a baseurl parameter, making HTTP requests to arbitrary endpoints without restriction. A CKAN portal client has no legitimate reason to contact cloud metadata or internal network service...
AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy
Summary The plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL, but only checks the initial URL. When the initial URL responds with an HTTP redirect Location header, the redirect target is fetched via fakeBrowser without...
EUVD-2026-11381
SiYuan has a Full-Read SSRF via /api/network/forwardProxy...
CVE-2026-32133
2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. Th...
EUVD-2026-11414
2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. Th...
CVE-2026-32133 2FAuth has Blind SSRF in image parameter allows internal network access and more
2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. Th...
CVE-2026-32110
SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and...
CVE-2026-32110 SiYuan has a Full-Read SSRF via /api/network/forwardProxy
SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and...
CVE-2026-32110
SiYuan (personal knowledge management system) suffers a Full-Read SSRF via the /api/network/forwardProxy endpoint prior to version 3.6.0. Authenticated users can supply a user-controlled URL and trigger the server to fetch arbitrary HTTP resources, with the system returning the full response body...
CVE-2026-32110 SiYuan has a Full-Read SSRF via /api/network/forwardProxy
SiYuan is a personal knowledge management system. Prior to 3.6.0, the /api/network/forwardProxy endpoint allows authenticated users to make arbitrary HTTP requests from the server. The endpoint accepts a user-controlled URL and makes HTTP requests to it, returning the full response body and...
PT-2026-24856
2FAuth is a web app to manage Two-Factor Authentication 2FA accounts and generate their security codes. Prior to 6.1.0, a blind SSRF vulnerability exists in 2FAuth that allows authenticated users to make arbitrary HTTP requests from the server to internal networks and cloud metadata endpoints. Th...
SiYuan 代码问题漏洞
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.6.0 contained code vulnerabilities. These vulnerabilities stemmed from a lack of URL validation in the/api/network/forwardProxy endpoint. This allowed authenticated users to make...